How to deactivate sonar tokens for deleted users

Subject: Assistance Needed to Revoke SonarCloud Tokens for Offboarded Users

Greetings,

I hope you’re doing well.

I’m reaching out to request assistance with an issue we’re facing regarding user tokens in our organization’s SonarCloud account. We have several active SonarCloud tokens that were issued to users who have since been offboarded. As we use Bitbucket authentication for login, and their Bitbucket accounts have already been deactivated and removed, we are currently unable to revoke their tokens ourselves.

We would greatly appreciate your help in revoking these tokens, as they remain active. Any guidance or support you can provide on how to proceed would be highly appreciated. I can provide more details upon request regarding this.

Thank you in advance for your assistance.

Best regards,
Justice Ticha Muma

Hi Justice,

On SonarQube Cloud, it is not possible to revoke user tokens. Note that a user token has exactly the same permissions as the user itself on SonarQube Cloud.

In case of offboarding, we advice to remove the user from all the organizations of the enterprise. Then the token does not have permissions on those organizations/projects anymore.

Regards,
Nolwenn

thanks for the quick response Nolwenn

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.